Incomplete Files, Police Reject KPU Report Regarding DPT Leaks
JAKARTA - The police have not been able to follow up on the report from the General Election Commission (KPU) regarding allegations of leakage of the final voter lists (DPT) that were sold on hackers' forums. This is due to incomplete reporting requirements.
Head of the Public Relations Division of the National Police, Kombes Ahmad Ramadhan, said the reporter had not completed the letter of assignment from the leadership and several other files.
"The formal requirements are not yet complete, including a letter of assignment from the KPU leadership and the translation results from accounts on social media are also not brought," said Ahmad in Jakarta, Friday, May 29.
Ahamd said, the KPU plans to make another police report on Friday, May 29, of course with complete formal requirements. However, he admitted that he had not received information on whether the report made by the KPU today was complete. He only made sure that the KPU would make a report today.
"Today, Friday, May 29, 2020, it is planned that the KPU will return to the SPKT Bareskrim Polri to make a police report," said Ahmad.
KPU denial about data leakageKPU commissioner Viryan Aziz explained, based on data tracing with the KPU technical team, the image displayed on social media was the 2014 Election DPT. The image clip shows voters domiciled in Yogyakarta.
Even so, Viryan denied that the data obtained by hackers came directly from the KPU server. "DPT data for the 2014 elections can no longer be accessed apart from the internal KPU since 2018," Viryan said in a video conference with journalists, Friday, May 22.
Then, why are millions of DPTs in the ".pdf" format with detailed voter population data scattered around? he claims, during the 2014 Election, there were several parties who were allowed to receive the copy, provided that it was only for election purposes.
This is regulated in Article 34 paragraph (5) of the Election Law Number 8 of 2012. The substance is so that the parties concerned are convinced that they have received authentic documents and that the DPT KPU is the real data.
"In this case, a copy with the '.pdf' format can be given to the political parties participating in the election, Bawaslu, and the government. The three parties accept it," explained Viryan.
However, because the DPT details are confidential data, all parties must sign an agreement that such data cannot be provided by other parties and can only be used as data analysis to obtain accurate voter data for election purposes.
Viryan suspects, there are external parties who indeed spread it to other parties, so that the sale and purchase of DPT in hackers' forums appears. Therefore, the legal route was chosen to solve this case.
"So, the KPU coordinates with related parties to carry out a search by BSSN and the National Police Headquarters. We want to be certain where the person concerned got it from. But, what is clear, the data is not directly from the Indonesian KPU," explained Viryan.
Initial accusationsThe news about millions of KPU permanent voter data that was allegedly leaked in the hacker community forum was first disclosed by the @underthebreach account on Twitter.
This Twitter account is active enough to monitor hackers' activity, especially those related to leaking personal information. He also briefly informed about the sale of 91 million Tokopedia user data on the dark web.
Through his tweet, this account uploaded three screenshots of the KPU folder and sample data published on hacker forums. According to him, 2.3 million identity data were leaked.
"These data include name, address, NIK, date of birth and others. These data are from 2014. Hackers claim they still have 200 million more data," tweeted @underthebreach.
From VOI's search, the hacker said the data was stored in ".pdf" format obtained from the General Election Commission website. According to him, these data will be very useful for those who wish to register an account.
"Very useful for those who need to create multiple phone numbers in IDs (you need ID NIK and NKK for registration), or do some extracting phone numbers from those IDs," wrote the hacker.
This hacker also claims that he still has 200,000,000 other Indonesian citizens' data that will be shared through the forum. "I think Indonesian data seems rare in this forum," he said.
Some of the population data displayed includes full name, family card number, Identity Number (NIK), place and date of birth, home address, and several other personal data. From the sample data he shared, most of the leaked information came from residents in Yogyakarta.
The distributed data sample contains folders of voter data from a number of regions in Yogyakarta, including their registered polling stations. The data is compressed in a 1.78GB file which can be obtained after paying 8 euros on the forum.